Summary: The content discusses the identification of the developer behind a malicious remote access tool used to target Russian organizations.
Threat Actor: Mr. Burns
Victim: Russian organizations
Key Points:
- The developer of a malicious remote access tool, known as BurnsRAT, used to target Russian organizations has been identified as a 38-year-old Ukrainian national named Andriy R. from the city of Ternopil.
- The developer, who goes by the alias Mr. Burns, has been active on darknet forums since 2010 and is known for creating malicious versions of remote administration tools.
- Mr. Burns is believed to be a “client/partner” of another cybercriminal known as VasyGrek, who has been targeting Russian companies since at least 2016.

Researchers claim to have uncovered the identity of the developer of a malicious remote access tool used to attack Russian organizations.
Its developer, who goes by the alias Mr. Burns, has been active on darknet forums since 2010 and is known for creating malicious versions of remote administration tools, such as TeamViewer and RMS (Remote Utilities). The Russian cybersecurity firm F.A.C.C.T., which says it has identified the hacker, tracks the tool as BurnsRAT.
According to the company, the developer is a 38-year-old Ukrainian national named Andriy R. from the city of Ternopil.
The attribution of BurnsRAT to a Ukrainian developer couldn’t be verified. Given that the majority of Western cyber companies left Russia when it invaded Ukraine, they have limited visibility inside Russian networks.
According to researchers, Mr. Burns is a “client/partner” of another cybercriminal known as VasyGrek who has been attacking Russian companies since at least 2016. VasyGrek has been using Mr. Burns’ remote access trojan for at least five years, they said.
F.A.C.C.T., which is a spinoff of the Singapore-based cybersecurity firm Group-IB, claims to have identified Telegram accounts and other social media pages, as well as darknet forum profiles, linked to the two cybercriminals.
In addition to BurnsRAT, VasyGrek has deployed tools such as MetaStealer, WarzoneRAT and the RedLine information stealer against Russian companies and has used “financially-themed” emails, such as payment orders, as lures. The latest VasyGrek attack on an unnamed victim in Russia was detected in May 2024.
A BurnsRAT rental costs $1,200 a month, the researchers said, allowing its operators to manage, upload, and delete files, lock the victim’s keypad and screen, and turn off or reboot the computer.
The researchers said for ethical reasons they are not disclosing Mr. Burns’ personal data, “but all information collected during the study is transferred to law enforcement agencies.”
Ukrainian cyber police declined to comment on F.A.C.C.T.’s findings.
Source: https://therecord.media/russian-researchers-identify-alleged-rat-developer